I'm following the attestation object validation guide to check my attestation server validations, but having a different output of that it's expected in the documentation.
Everything goes well until the step 2, where it's created the SHA256 hash of the one-time challenge, then this hash it's appended to the end of the authenticator data from the decoded attestation object.
Here the generated client data hash is different from the one in the documentation, which also causes a different nonce value.
Full implementation at Go Playground: https://go.dev/play/p/DpL_H3L8yWV
// generate the SHA256 hash of the one-time challenge
challengeHash := sha256.Sum256([]byte(serverChallenge))
// append the one-time challenge hash to the end of the authenticator data
clientDataHash := append([]byte(att.AuthData), challengeHash[:]...)
// create a SHA256 hash of the composite item to create nonce
nonce := sha256.Sum256(clientDataHash)
Then I noticed that if the one-time challenge value it's just appended to the end of the authenticator data, the value it's correctly according to the documentation.
Full implementation at Go Playground: https://go.dev/play/p/qqN97SevJAB
// append the one-time challenge byte array to the end of the authenticator data
// this time not generating the SHA256 hash of the one-time challenge
clientDataHash := append([]byte(att.AuthData), []byte(serverChallenge)...)
// create a SHA256 hash of the composite item to create nonce
nonce := sha256.Sum256(clientDataHash)
My question is which of the implementations is correct, because if I didn't get it wrong it should be the first one and we would have an error in the documentation.